Bug 1064161

Summary: [AAA][engine-manage-domains] IP for LDAP server is not working
Product: [oVirt] ovirt-engine-extension-aaa-ldap
Reporter: Mike Kolesnik <mkolesni>
Component: Core
Assignee: Alon Bar-Lev <alonbl>
Status: CLOSED CURRENTRELEASE
QA Contact: Ondra Machacek <omachace>
Severity: urgent
Docs Contact:
Priority: unspecified
Version: ---
CC: alonbl, bazulay, bugs, gklein, iheim, mkolesni, omachace, oourfali, rbalakri, yeylon, yzaslavs
Target Milestone: ---
Keywords: Improvement
Target Release: 1.0.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: infra
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-10-17 12:28:13 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1063095

Description Mike Kolesnik 2014-02-12 07:29:43 UTC
Description of problem:
Tried to add domain with IP in the LDAP servers list and got these errors:

Error: LDAP query Failed. Error in DNS configuration. Please verify the Engine host has a valid reverse DNS (PTR) record.
Failure while testing domain ***. Details: No user information was found for user


Version-Release number of selected component (if applicable):


How reproducible:
100%

Steps to Reproduce:
1. Run engine-manage-domains add with an LDAP server IP

Actual results:
You get the above errors


Expected results:
The domain should be added


Additional info:
When running the same command with the FQDN it worked

Comment 1 Yair Zaslavsky 2014-02-12 09:40:49 UTC
Ravi, if I'm not mistaken, you dealt with a similar bug in the past, can you please take a look?

Mike, was it an Active Directory domain? IPA? What LDAP vendor?

Comment 2 Mike Kolesnik 2014-02-12 12:15:32 UTC
(In reply to Yair Zaslavsky from comment #1)
> Ravi, if I'm not mistaken, you dealt with a similar bug in the past, can you
> please take a look?
> 
> Mike, was it an Active Directory domain? IPA? What LDAP vendor?

It was an IPA domain.

The original command line:
engine-manage-domains add --domain=*** --provider=IPA --add-permissions --ldap-servers=*** --user=***

In the --ldap-servers parameter I used the IP of the server.

Comment 3 Ravi Nori 2014-02-13 18:08:08 UTC
BZ 966046 was about Active Directory. We need to find an equivalent solution for IPA.

Comment 4 Sandro Bonazzola 2014-03-04 09:26:33 UTC
This is an automated message.
Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1.

Comment 5 Alon Bar-Lev 2014-06-11 13:33:15 UTC
This is working in the new LDAP implementation. However, using SSL in this mode is insecure.

Comment 6 Ondra Machacek 2014-08-26 17:55:30 UTC
Works OK within the new LDAP implementation for socketfactory type java.

Comment 7 Alon Bar-Lev 2014-08-26 17:59:35 UTC
(In reply to Ondra Machacek from comment #6)
> Works OK within the new LDAP implementation for socketfactory type java.

Hi!

It should also work with the resolver socket factory; if there was an error, I need to fix it.

Comment 8 Ondra Machacek 2014-08-26 18:08:22 UTC
Hi, please look here - bug 1134062

Comment 9 Sandro Bonazzola 2014-10-17 12:28:13 UTC
oVirt 3.5 has been released and should include the fix for this issue.